From 42255db77a8f42bdf632e8ae878de6fff91c712a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 15 May 2018 18:05:41 -0400
Subject: [PATCH] - Synchronized data.
---
 2017/2xxx/CVE-2017-2613.json | 151 ++++++++++++++++++---------------
 2018/10xxx/CVE-2018-10589.json | 7 +-
 2018/10xxx/CVE-2018-10590.json | 7 +-
 2018/10xxx/CVE-2018-10591.json | 7 +-
 2018/7xxx/CVE-2018-7495.json | 7 +-
 2018/7xxx/CVE-2018-7497.json | 7 +-
 2018/7xxx/CVE-2018-7499.json | 7 +-
 2018/7xxx/CVE-2018-7501.json | 7 +-
 2018/7xxx/CVE-2018-7503.json | 7 +-
 2018/7xxx/CVE-2018-7505.json | 7 +-
 2018/8xxx/CVE-2018-8841.json | 7 +-
 2018/8xxx/CVE-2018-8845.json | 7 +-
 12 files changed, 115 insertions(+), 113 deletions(-)
diff --git a/2017/2xxx/CVE-2017-2613.json b/2017/2xxx/CVE-2017-2613.json
index 35e60aff79b..d16c4952977 100644
--- a/2017/2xxx/CVE-2017-2613.json
+++ b/2017/2xxx/CVE-2017-2613.json
@@ -1,72 +1,85 @@
 {
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
- "version": "3.0"
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "lpardo@redhat.com",
+ "ID" : "CVE-2017-2613",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "jenkins",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "jenkins 2.44"
+ },
+ {
+ "version_value" : "jenkins 2.32.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "[UNKNOWN]"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406)."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-770"
+ }
 ]
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406)."
- }
- ]
- },
- "data_type": "CVE",
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "version": {
- "version_data": [
- {
- "version_value": "jenkins 2.44"
- },
- {
- "version_value": "jenkins 2.32.2"
- }
- ]
- },
- "product_name": "jenkins"
- }
- ]
- },
- "vendor_name": "[UNKNOWN]"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-770"
- }
- ]
- }
- ]
- },
- "data_version": "4.0",
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613"
- }
- ]
- },
- "CVE_data_meta": {
- "ID": "CVE-2017-2613",
- "ASSIGNER": "lpardo@redhat.com"
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613"
+ },
+ {
+ "name" : "https://github.com/jenkinsci/jenkins/commit/b88b20ec473200db35d0a0d29dcf192069106601",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/jenkinsci/jenkins/commit/b88b20ec473200db35d0a0d29dcf192069106601"
+ },
+ {
+ "name" : "https://jenkins.io/security/advisory/2017-02-01/",
+ "refsource" : "CONFIRM",
+ "url" : "https://jenkins.io/security/advisory/2017-02-01/"
+ }
+ ]
+ }
 }
diff --git a/2018/10xxx/CVE-2018-10589.json b/2018/10xxx/CVE-2018-10589.json
index b85f2a965de..a2b81868e6e 100644
--- a/2018/10xxx/CVE-2018-10589.json
+++ b/2018/10xxx/CVE-2018-10589.json
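Review bot: In 2017/2xxx/CVE-2017-2613.json the re-serialised `impact` block still carries `"vectorString" : "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"`, which is not a well-formed CVSS v3.0 vector because the string has to begin with the `CVSS:3.0/` prefix; a consumer that parses the vector may reject the record or lose the score. I would split it into `"baseScore" : 5.4,` and `"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",`, and flatten the doubly nested `cvss` array if the schema in use allows it. The description calls the issue a user-creation CSRF while `problemtype` lists only `CWE-770`, so tooling that filters on CWE will presumably not surface this record for CSRF; adding `CWE-352` alongside it looks appropriate, to be confirmed with the assigner.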
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "A path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code."
+ "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code."
 }
 ]
 },
@@ -54,10 +54,9 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
- },
- {
- "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10590.json b/2018/10xxx/CVE-2018-10590.json
index edd1a6d80b5..f1994374d27 100644
--- a/2018/10xxx/CVE-2018-10590.json
+++ b/2018/10xxx/CVE-2018-10590.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "An information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible."
+ "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible."
 }
 ]
 },
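Review bot: The rewritten `value` line in 2018/10xxx/CVE-2018-10589.json keeps the misspelling "path transversal"; the established term is "path traversal", and anyone searching the feed for that term will miss this record. Since the line is being replaced anyway, I would write `… and WebAccess/NMS 2.0.3 and prior, a path traversal vulnerability has been identified, …`. The same wording is carried into the description hunk of CVE-2018-7503, and the CVE-2018-10591 hunk keeps the ungrammatical "may allow an attacker can create a malicious web site", which should read `may allow an attacker to create a malicious web site`. Each of these hunks shows only the `description_data` entry; the enclosing `description` object opens above the hunk.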
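Review bot: The only vendor reference is dropped in the `references` hunk of 2018/10xxx/CVE-2018-10589.json: the `support.advantech.com` download entry is removed and only the ICS-CERT advisory remains, so the record no longer points at the vendor's own page for the fix. If the removal was not deliberate, I would keep the entry in the new three-field form, `"name" : "<vendor URL>", "refsource" : "CONFIRM", "url" : "<vendor URL>"`, where the refsource value is my assumption. The removed link used plain `http://`, so an `https://` form would be preferable if the vendor serves one. The identical hunk appears in CVE-2018-10590, CVE-2018-10591, CVE-2018-7495, CVE-2018-7497, CVE-2018-7499, CVE-2018-7501, CVE-2018-7503, CVE-2018-7505, CVE-2018-8841 and CVE-2018-8845; the enclosing record object starts above each hunk.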
@@ -54,10 +54,9 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
- },
- {
- "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10591.json b/2018/10xxx/CVE-2018-10591.json
index 8067546ff75..ee6d4473047 100644
--- a/2018/10xxx/CVE-2018-10591.json
+++ b/2018/10xxx/CVE-2018-10591.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "An origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users."
+ "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users."
 }
 ]
 },
@@ -54,10 +54,9 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
- },
- {
- "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7495.json b/2018/7xxx/CVE-2018-7495.json
index a073caf5a46..eb81834bea3 100644
--- a/2018/7xxx/CVE-2018-7495.json
+++ b/2018/7xxx/CVE-2018-7495.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "An external control of file name or path vulnerability has been identified, which may allow an attacker to delete files."
+ "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files."
 }
 ]
 },
@@ -54,10 +54,9 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
- },
- {
- "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7497.json b/2018/7xxx/CVE-2018-7497.json
index 0a5bd90ad15..6679d4fd89d 100644
--- a/2018/7xxx/CVE-2018-7497.json
+++ b/2018/7xxx/CVE-2018-7497.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "Several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code."
+ "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code."
 }
 ]
 },
@@ -54,10 +54,9 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
- },
- {
- "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7499.json b/2018/7xxx/CVE-2018-7499.json
index f6d5d3df693..86c224e56ce 100644
--- a/2018/7xxx/CVE-2018-7499.json
+++ b/2018/7xxx/CVE-2018-7499.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "Several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code."
+ "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code."
 }
 ]
 },
@@ -54,10 +54,9 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
- },
- {
- "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7501.json b/2018/7xxx/CVE-2018-7501.json
index 7f64a5e66c3..a31ab460da7 100644
--- a/2018/7xxx/CVE-2018-7501.json
+++ b/2018/7xxx/CVE-2018-7501.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "Several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host."
+ "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host."
 }
 ]
 },
@@ -54,10 +54,9 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
- },
- {
- "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7503.json b/2018/7xxx/CVE-2018-7503.json
index af3ee8ea82d..c8f792bc64d 100644
--- a/2018/7xxx/CVE-2018-7503.json
+++ b/2018/7xxx/CVE-2018-7503.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "A path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target."
+ "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target."
 }
 ]
 },
@@ -54,10 +54,9 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
- },
- {
- "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7505.json b/2018/7xxx/CVE-2018-7505.json
index 5144974975b..b0041fc5d0b 100644
--- a/2018/7xxx/CVE-2018-7505.json
+++ b/2018/7xxx/CVE-2018-7505.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "A TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code."
+ "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code."
 }
 ]
 },
@@ -54,10 +54,9 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
- },
- {
- "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
 }
 ]
 }
diff --git a/2018/8xxx/CVE-2018-8841.json b/2018/8xxx/CVE-2018-8841.json
index 44f0383f934..3f7c58c0455 100644
--- a/2018/8xxx/CVE-2018-8841.json
+++ b/2018/8xxx/CVE-2018-8841.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "An improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user."
+ "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user."
 }
 ]
 },
@@ -54,10 +54,9 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
- },
- {
- "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
 }
 ]
 }
diff --git a/2018/8xxx/CVE-2018-8845.json b/2018/8xxx/CVE-2018-8845.json
index ff641e603be..72498ba3f30 100644
--- a/2018/8xxx/CVE-2018-8845.json
+++ b/2018/8xxx/CVE-2018-8845.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "A heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code."
+ "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code."
 }
 ]
 },
@@ -54,10 +54,9 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
- },
- {
- "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
 }
 ]
 }